Vulnerabilities > CVE-2012-3136 - Remote Code Execution vulnerability in Oracle JDK and JRE

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
oracle
critical
nessus

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682.

Vulnerable Configurations

Part Description Count
Application
Oracle
14

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1223.NASL
    descriptionUpdated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136) A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61769
    published2012-09-04
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61769
    titleRHEL 6 : java-1.7.0-openjdk (RHSA-2012:1223)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:1223. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61769);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/24 15:35:36");
    
      script_cve_id("CVE-2012-0547", "CVE-2012-1682", "CVE-2012-3136", "CVE-2012-4681");
      script_bugtraq_id(55213, 55337);
      script_xref(name:"RHSA", value:"2012:1223");
    
      script_name(english:"RHEL 6 : java-1.7.0-openjdk (RHSA-2012:1223)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.7.0-openjdk packages that fix several security issues
    are now available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    These packages provide the OpenJDK 7 Java Runtime Environment and the
    OpenJDK 7 Software Development Kit.
    
    Multiple improper permission check issues were discovered in the Beans
    component in OpenJDK. An untrusted Java application or applet could
    use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681,
    CVE-2012-1682, CVE-2012-3136)
    
    A hardening fix was applied to the AWT component in OpenJDK, removing
    functionality from the restricted SunToolkit class that was used in
    combination with other flaws to bypass Java sandbox restrictions.
    (CVE-2012-0547)
    
    All users of java-1.7.0-openjdk are advised to upgrade to these
    updated packages, which resolve these issues. All running instances of
    OpenJDK Java must be restarted for the update to take effect."
      );
      # http://www.oracle.com/technetwork/topics/security/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.oracle.com/technetwork/topics/security/whatsnew/index.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:1223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3136"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java 7 Applet Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2012:1223";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1289.NASL
    descriptionUpdated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-0547, CVE-2012-0551, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-1726, CVE-2012-3136, CVE-2012-4681) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR2 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id62196
    published2012-09-19
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62196
    titleRHEL 6 : java-1.7.0-ibm (RHSA-2012:1289)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:1289. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62196);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/24 15:35:36");
    
      script_cve_id("CVE-2012-0547", "CVE-2012-0551", "CVE-2012-1682", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1719", "CVE-2012-1721", "CVE-2012-1722", "CVE-2012-1725", "CVE-2012-1726", "CVE-2012-3136", "CVE-2012-4681");
      script_bugtraq_id(53136, 53946, 53947, 53948, 53950, 53952, 53953, 53954, 53959, 55213, 55336, 55337, 55339);
      script_xref(name:"RHSA", value:"2012:1289");
    
      script_name(english:"RHEL 6 : java-1.7.0-ibm (RHSA-2012:1289)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.7.0-ibm packages that fix several security issues are
    now available for Red Hat Enterprise Linux 6 Supplementary.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    IBM Java SE version 7 includes the IBM Java Runtime Environment and
    the IBM Java Software Development Kit.
    
    This update fixes several vulnerabilities in the IBM Java Runtime
    Environment and the IBM Java Software Development Kit. Detailed
    vulnerability descriptions are linked from the IBM Security alerts
    page, listed in the References section. (CVE-2012-0547, CVE-2012-0551,
    CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,
    CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,
    CVE-2012-1726, CVE-2012-3136, CVE-2012-4681)
    
    All users of java-1.7.0-ibm are advised to upgrade to these updated
    packages, containing the IBM Java SE 7 SR2 release. All running
    instances of IBM Java must be restarted for the update to take effect."
      );
      # https://www.ibm.com/developerworks/java/jdk/alerts/
      script_set_attribute(
        attribute:"see_also",
        value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:1289"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1725"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1719"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1716"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1713"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0551"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1726"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-0547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3136"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java 7 Applet Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2012:1289";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-plugin-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-plugin-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-ibm / java-1.7.0-ibm-demo / java-1.7.0-ibm-devel / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1223.NASL
    descriptionFrom Red Hat Security Advisory 2012:1223 : Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136) A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68611
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68611
    titleOracle Linux 6 : java-1.7.0-openjdk (ELSA-2012-1223)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:1223 and 
    # Oracle Linux Security Advisory ELSA-2012-1223 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68611);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/30 10:58:17");
    
      script_cve_id("CVE-2012-0547", "CVE-2012-1682", "CVE-2012-3136", "CVE-2012-4681");
      script_bugtraq_id(55213, 55336, 55337, 55339);
      script_xref(name:"RHSA", value:"2012:1223");
    
      script_name(english:"Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2012-1223)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2012:1223 :
    
    Updated java-1.7.0-openjdk packages that fix several security issues
    are now available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    These packages provide the OpenJDK 7 Java Runtime Environment and the
    OpenJDK 7 Software Development Kit.
    
    Multiple improper permission check issues were discovered in the Beans
    component in OpenJDK. An untrusted Java application or applet could
    use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681,
    CVE-2012-1682, CVE-2012-3136)
    
    A hardening fix was applied to the AWT component in OpenJDK, removing
    functionality from the restricted SunToolkit class that was used in
    combination with other flaws to bypass Java sandbox restrictions.
    (CVE-2012-0547)
    
    All users of java-1.7.0-openjdk are advised to upgrade to these
    updated packages, which resolve these issues. All running instances of
    OpenJDK Java must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-September/003006.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.7.0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java 7 Applet Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"java-1.7.0-openjdk-1.7.0.5-2.2.1.0.1.el6_3.3")) flag++;
    if (rpm_check(release:"EL6", reference:"java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.0.1.el6_3.3")) flag++;
    if (rpm_check(release:"EL6", reference:"java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.0.1.el6_3.3")) flag++;
    if (rpm_check(release:"EL6", reference:"java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.0.1.el6_3.3")) flag++;
    if (rpm_check(release:"EL6", reference:"java-1.7.0-openjdk-src-1.7.0.5-2.2.1.0.1.el6_3.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120903_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
    descriptionThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136) A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-03-18
    modified2012-09-05
    plugin id61786
    published2012-09-05
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61786
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20120903)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61786);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");
    
      script_cve_id("CVE-2012-0547", "CVE-2012-1682", "CVE-2012-3136", "CVE-2012-4681");
    
      script_name(english:"Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20120903)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "These packages provide the OpenJDK 7 Java Runtime Environment and the
    OpenJDK 7 Software Development Kit.
    
    Multiple improper permission check issues were discovered in the Beans
    component in OpenJDK. An untrusted Java application or applet could
    use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681,
    CVE-2012-1682, CVE-2012-3136)
    
    A hardening fix was applied to the AWT component in OpenJDK, removing
    functionality from the restricted SunToolkit class that was used in
    combination with other flaws to bypass Java sandbox restrictions.
    (CVE-2012-0547)
    
    All users of java-1.7.0-openjdk are advised to upgrade to these
    updated packages, which resolve these issues. All running instances of
    OpenJDK Java must be restarted for the update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1209&L=scientific-linux-errata&T=0&P=350
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e1c18221"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java 7 Applet Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc");
    }
    
  • NASL familyMisc.
    NASL idORACLE_JAVA7_UPDATE6_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 7 and is, therefore, potentially affected the following vulnerabilities : - The
    last seen2020-06-01
    modified2020-06-02
    plugin id64841
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64841
    titleOracle Java SE 7 < Update 7 Multiple Vulnerabilities (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(64841);
      script_version("1.11");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-0547",
        "CVE-2012-1682",
        "CVE-2012-3136",
        "CVE-2012-4681"
      );
      script_bugtraq_id(
        55213,
        55336,
        55337,
        55339
      );
      script_xref(name:"CERT", value:"636312");
      script_xref(name:"EDB-ID", value:"20865");
    
      script_name(english:"Oracle Java SE 7 < Update 7 Multiple Vulnerabilities (Unix)");
      script_summary(english:"Checks version of the JRE");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host contains a programming platform that is affected
    by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is earlier than 7 Update 7 and is,
    therefore, potentially affected the following vulnerabilities :
    
      - The 'getField' method in the 'sun.awt.SunToolkit class'
        provided by the bundled SunToolkit can be used to
        obtain any field of a class - even private fields.
        This error can allow privilege escalation.
        (CVE-2012-0547)
    
      - Two unspecified remote code execution vulnerabilities
        exist related to the
        'com.sun.beans.finder.ConstructorFinder' and
        'com.sun.beans.finder.FieldFinder' methods. No further
        details have been provided. (CVE-2012-1682,
        CVE-2012-3136)
    
      - The 'setField' method provided by the bundled SunToolkit
        can be used to execute a privileged operation and calls
        'setAccessible(true)' on the returned field reference,
        allowing an attacker to disable any 'final' or 'private'
        directives and gain full control to run code in the Java
        virtual machine. (CVE-2012-4681)
    
    Note that at least one of these vulnerabilities is currently being
    exploited in the wild.");
      # http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?26d19d73");
      # http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?563cdce7");
      # http://thexploit.com/sec/java-facepalm-suntoolkit-getfield-vulnerability/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83fce915");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/7u7-relnotes-1835816.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to JDK / JRE 7 Update 7 or later, and remove, if necessary, any
    affected versions.");
      script_set_attribute(attribute:"agent", value:"unix");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4681");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java 7 Applet Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");
    
    info = "";
    vuln = 0;
    vuln2 = 0;
    installed_versions = "";
    granular = "";
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "Host/Java/JRE/Unmanaged/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      if (ver =~ '^1\\.7\\.0_0[0-6]([^0-9]|$)')
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.7.0_07\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
      }
      else
      {
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      if (granular) exit(0, granular);
    }
    else
    {
      if (granular) exit(0, granular);
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-150.NASL
    descriptionMultiple security issues were identified and fixed in OpenJDK (icedtea6) : Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities (CVE-2012-0547). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136 (CVE-2012-1682). The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62444
    published2012-10-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62444
    titleMandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:150-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2012:150. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62444);
      script_version("1.9");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      script_cve_id("CVE-2012-0547", "CVE-2012-1682");
      script_bugtraq_id(55336, 55339);
      script_xref(name:"MDVSA", value:"2012:150-1");
    
      script_name(english:"Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:150-1)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were identified and fixed in OpenJDK
    (icedtea6) :
    
    Unspecified vulnerability in the Java Runtime Environment (JRE)
    component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34
    and earlier, has no impact and remote attack vectors involving AWT and
    a security-in-depth issue that is not directly exploitable but which
    can be used to aggravate security vulnerabilities that can be directly
    exploited. NOTE: this identifier was assigned by the Oracle CNA, but
    CVE is not intended to cover defense-in-depth issues that are only
    exposed by the presence of other vulnerabilities (CVE-2012-0547).
    
    Unspecified vulnerability in the Java Runtime Environment (JRE)
    component in Oracle Java SE 7 Update 6 and earlier allows remote
    attackers to affect confidentiality, integrity, and availability via
    unknown vectors related to Beans, a different vulnerability than
    CVE-2012-3136 (CVE-2012-1682).
    
    The updated packages provides icedtea6-1.11.4 which is not vulnerable
    to these issues."
      );
      # http://www.oracle.com/technetwork/topics/security/alert-CVE-2012-4681-1835715.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4d17abaf"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2011", reference:"java-1.6.0-openjdk-1.6.0.0-34.b24.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"java-1.6.0-openjdk-demo-1.6.0.0-34.b24.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"java-1.6.0-openjdk-devel-1.6.0.0-34.b24.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-34.b24.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"java-1.6.0-openjdk-src-1.6.0.0-34.b24.1-mdv2011.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-592.NASL
    descriptionJava-1_7_0-openjdk was updated to fix a remote exploit (CVE-2012-4681). Also bugfixes were done : - fix build on ARM and i586 - remove files that are no longer used - zero build can be enabled using rpmbuild (osc build) --with zero - add hotspot 2.1 needed for zero - fix filelist on %(ix86) - Security fixes - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder - S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects - S7163201, CVE-2012-0547: Simplify toolkit internals references - RH852051, CVE-2012-4681, S7162473: Reintroduce PackageAccessible checks removed in 6788531. - OpenJDK - Fix Zero FTBFS issues with 2.3 - S7180036: Build failure in Mac platform caused by fix # 7163201 - S7182135: Impossible to use some editors directly - S7183701: [TEST] closed/java/beans/security/TestClassFinder.java &ndash; compilation failed - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE - Bug fixes - PR1149: Zero-specific patch files not being packaged - use icedtea tarball for build again, this led into following dropped files because the are already in the tarball and simplified %prep and %build - drop class-rewriter.tar.gz - drop systemtap-tapset.tar.gz - drop desktop-files.tar.gz - drop nss.cfg - drop pulseaudio.tar.gz - drop remove-intree-libraries.sh - add archives from icedtea7-forest-2.3 for openjdk, corba, jaxp, jaxws, jdk, langtools and hotspot - drop rhino.patch, pulse-soundproperties and systemtap patch - move gnome bridge patches before make as it
    last seen2020-06-05
    modified2014-06-13
    plugin id74748
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74748
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2012:1154-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201401-30.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72139
    published2014-01-27
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72139
    titleGLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_7_0-IBM-120919.NASL
    descriptionIBM Java 1.7.0 was updated to SR2 which fixes critical security issues.
    last seen2020-06-05
    modified2013-01-25
    plugin id64170
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64170
    titleSuSE 11.2 Security Update : IBM Java (SAT Patch Number 6839)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1225.NASL
    descriptionUpdated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Security Alert page, listed in the References section. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, CVE-2012-0547) Red Hat is aware that a public exploit for CVE-2012-4681 is available that executes code without user interaction when a user visits a malicious web page using a browser with the Oracle Java 7 web browser plug-in enabled. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 7 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61770
    published2012-09-04
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61770
    titleRHEL 6 : java-1.7.0-oracle (RHSA-2012:1225)
  • NASL familyWindows
    NASL idORACLE_JAVA7_UPDATE6.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 7 and is, therefore, potentially affected the following vulnerabilities : - The
    last seen2020-06-01
    modified2020-06-02
    plugin id61681
    published2012-08-27
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61681
    titleOracle Java SE 7 < Update 7 Multiple Vulnerabilities
  • NASL familyMisc.
    NASL idORACLE_JAVA6_UPDATE35_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java Runtime Environment (JRE) 6.x installed on the remote host is earlier than Update 35. It is, therefore, affected by the following vulnerabilities: - Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, CVE-2012-0547) Please note this issue is not directly exploitable, rather it can aid in attacks against other, directly exploitable vulnerabilities, such as that found in CVE-2012-4681.
    last seen2020-06-01
    modified2020-06-02
    plugin id64839
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64839
    titleOracle Java JDK / JRE 6 < Update 35 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1223.NASL
    descriptionUpdated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136) A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61789
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61789
    titleCentOS 6 : java-1.7.0-openjdk (CESA-2012:1223)

Redhat

advisories
rhsa
idRHSA-2012:1225
rpms
  • java-1.7.0-openjdk-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-demo-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-devel-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-src-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-oracle-1:1.7.0.7-1jpp.5.el6_3
  • java-1.7.0-oracle-devel-1:1.7.0.7-1jpp.5.el6_3
  • java-1.7.0-oracle-jdbc-1:1.7.0.7-1jpp.5.el6_3
  • java-1.7.0-oracle-plugin-1:1.7.0.7-1jpp.5.el6_3
  • java-1.7.0-oracle-src-1:1.7.0.7-1jpp.5.el6_3
  • java-1.7.0-ibm-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.7.0-ibm-demo-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.7.0-ibm-devel-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.7.0-ibm-jdbc-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.7.0-ibm-plugin-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.7.0-ibm-src-1:1.7.0.2.0-1jpp.3.el6_3